Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4538-1] wpa security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4538-1] wpa security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Yves-Alexis Perez <corsac AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4538-1] wpa security update
  • Date: Sun, 29 Sep 2019 15:59:27 +0200
  • List-archive: https://lists.debian.org/msgid-search/5d90b8bf.a00a6.42cb01fe AT scapa.corsac.net
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <corsac AT corsac.net>
  • Priority: urgent
  • Resent-date: Sun, 29 Sep 2019 14:00:39 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <yFDvD--8UZC.A.KnH.HkLkdB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4538-1 security AT debian.org
https://www.debian.org/security/ Yves-Alexis Perez
September 29, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpa
CVE ID : CVE-2019-13377 CVE-2019-16275
Debian Bug : 934180 940080

Two vulnerabilities were found in the WPA protocol implementation found in
wpa_supplication (station) and hostapd (access point).

CVE-2019-13377

A timing-based side-channel attack against WPA3's Dragonfly handshake when
using Brainpool curves could be used by an attacker to retrieve the
password.

CVE-2019-16275

Insufficient source address validation for some received Management frames
in hostapd could lead to a denial of service for stations associated to an
access point. An attacker in radio range of the access point could inject
a
specially constructed unauthenticated IEEE 802.11 frame to the access
point
to cause associated stations to be disconnected and require a reconnection
to the network.

For the oldstable distribution (stretch), these problems have been fixed
in version $stretch_VERSION.

For the stable distribution (buster), these problems have been fixed in
version 2:2.7+git20190128+0c1e29f-6+deb10u1.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAl2QuGQACgkQ3rYcyPpX
RFtKAAf9Fv7lhUQD2TC7HjEavULALsOuku5mFLQTUygj1IwsTjWkhC4cGFNgrOho
xWqxSE1YP4LdtSLAo9btfSXPYPHhdlNthxHSu4HSkSasoXgFgrF0xQSxhRHABdMZ
MVH3+xpMKrwMk1UEIxtcYXpesN8N9+3wVv7I1tk3L+yL25EBxHHijt1SXpeBF6dw
ps7q5HaAxpwC9S2PtILvwsEs0ocHupbMTsJtkr0bsvOvg+gx40yQDZLQxZyR+xQZ
HZmMbH87ElCG9JuXlCSGdmdLIEH08i7Yy9JKTpPHg20jAo/KsOIygRF2B0rTmn9O
JdR8hkAiqGQ2lZiAcSJZio7ojLD5MQ==
=Agz+
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4538-1] wpa security update, Yves-Alexis Perez, 29.09.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang